authorAde Lee <alee@redhat.com>2017-05-23 10:01:47 -0400
committerAde Lee <alee@redhat.com>2017-05-23 15:26:16 -0400
commitf40d0aaf446b162994e9c8598a7b00a6d4c906f2 (patch)
treec88b74ad137b2cecdec48f176e0f6fc7e683c3ef /base/server/cms/src/com/netscape
parent3027b565320c96857b7f7fdffed9a5fbec084bab (diff)
Encapsulate recovery request approval audit logs
The audit logs for the case where an agent grants an asynchronous recovery request and the case where a recovery request is approved from the REST API are consolidated and encapsulated in a class. Change-Id: I237c1dcfc413012d421f3ccc64e21c7caf5a7701
Diffstat (limited to 'base/server/cms/src/com/netscape')
-rw-r--r--base/server/cms/src/com/netscape/cms/servlet/key/GrantAsyncRecovery.java65
1 files changed, 11 insertions, 54 deletions
diff --git a/base/server/cms/src/com/netscape/cms/servlet/key/GrantAsyncRecovery.java b/base/server/cms/src/com/netscape/cms/servlet/key/GrantAsyncRecovery.java
index c41052554..2a5006787 100644
--- a/base/server/cms/src/com/netscape/cms/servlet/key/GrantAsyncRecovery.java
+++ b/base/server/cms/src/com/netscape/cms/servlet/key/GrantAsyncRecovery.java
@@ -34,8 +34,9 @@ import com.netscape.certsrv.base.EBaseException;
import com.netscape.certsrv.base.IArgBlock;
import com.netscape.certsrv.common.ICMSRequest;
import com.netscape.certsrv.kra.IKeyService;
-import com.netscape.certsrv.logging.AuditEvent;
import com.netscape.certsrv.logging.ILogger;
+import com.netscape.certsrv.logging.event.SecurityDataRecoveryStateChangeEvent;
+import com.netscape.certsrv.request.RequestId;
import com.netscape.cms.servlet.base.CMSServlet;
import com.netscape.cms.servlet.common.CMSRequest;
import com.netscape.cms.servlet.common.CMSTemplate;
@@ -194,32 +195,7 @@ public class GrantAsyncRecovery extends CMSServlet {
String agentID,
HttpServletRequest req, HttpServletResponse resp,
Locale locale) {
- String auditMessage = null;
String auditSubjectID = auditSubjectID();
- String auditRequestID = reqID;
- String auditAgentID = agentID;
-
- // "normalize" the "reqID"
- if (auditRequestID != null) {
- auditRequestID = auditRequestID.trim();
-
- if (auditRequestID.equals("")) {
- auditRequestID = ILogger.UNIDENTIFIED;
- }
- } else {
- auditRequestID = ILogger.UNIDENTIFIED;
- }
-
- // "normalize" the "auditAgentID"
- if (auditAgentID != null) {
- auditAgentID = auditAgentID.trim();
-
- if (auditAgentID.equals("")) {
- auditAgentID = ILogger.UNIDENTIFIED;
- }
- } else {
- auditAgentID = ILogger.UNIDENTIFIED;
- }
try {
header.addStringValue(OUT_OP,
@@ -233,40 +209,21 @@ public class GrantAsyncRecovery extends CMSServlet {
header.addStringValue("requestID", reqID);
header.addStringValue("agentID", agentID);
- // store a message in the signed audit log file
- auditMessage = CMS.getLogMessage(
- AuditEvent.KEY_RECOVERY_AGENT_LOGIN,
- auditSubjectID,
- ILogger.SUCCESS,
- auditRequestID,
- auditAgentID);
- audit(auditMessage);
-
- } catch (EBaseException e) {
- header.addStringValue(OUT_ERROR, e.toString(locale));
-
- // store a message in the signed audit log file
- auditMessage = CMS.getLogMessage(
- AuditEvent.KEY_RECOVERY_AGENT_LOGIN,
+ audit(new SecurityDataRecoveryStateChangeEvent(
auditSubjectID,
- ILogger.FAILURE,
- auditRequestID,
- auditAgentID);
+ ILogger.SUCCESS,
+ new RequestId(reqID),
+ "approve"));
- audit(auditMessage);
} catch (Exception e) {
header.addStringValue(OUT_ERROR, e.toString());
- // store a message in the signed audit log file
- auditMessage = CMS.getLogMessage(
- AuditEvent.KEY_RECOVERY_AGENT_LOGIN,
- auditSubjectID,
- ILogger.FAILURE,
- auditRequestID,
- auditAgentID);
-
- audit(auditMessage);
+ audit(new SecurityDataRecoveryStateChangeEvent(
+ auditSubjectID,
+ ILogger.FAILURE,
+ new RequestId(reqID),
+ "approve"));
}
}
}
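Review bot: Both audit calls in this hunk pass the raw `reqID` to `new RequestId(reqID)`, whereas the normalisation removed in the `@@ -194` hunk trimmed it and fell back to `ILogger.UNIDENTIFIED` for null or empty values. If that constructor rejects a null or non-numeric string (its body is not visible here), the call inside `catch (Exception e)` throws out of the handler and the FAILURE record is never written, which is the case an auditor most needs recorded. Build the id once before the `try` under its own guard, for example `RequestId auditRequestId = parseOrNull(reqID);` with a small new private helper that catches the parse error, and pass that to both events, provided the event accepts an absent id. The new event also drops `agentID`, which the old KEY_RECOVERY_AGENT_LOGIN record carried, and the `EBaseException` branch with `e.toString(locale)` is gone, so confirm that losing the agent attribution and the localized error text is intended. The enclosing method begins outside the hunk.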